USN-5765-1: PostgreSQL vulnerability
7 December 2022
PostgreSQL could allow unintended access to network services.
Releases
Packages
- postgresql-9.5 - Object-relational SQL database
Details
Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
postgresql-9.5
-
9.5.25-0ubuntu0.16.04.1+esm3
Available with Ubuntu Pro
After a standard system update you need to restart PostgreSQL to make all the
necessary changes.
References
Related notices
- USN-5145-1: libpq5, postgresql-plpython3-13, libpq-dev, postgresql-doc-10, postgresql-13, postgresql-plperl-10, postgresql-plpython3-12, postgresql-pltcl-12, libecpg6, postgresql-plpython3-10, postgresql-plpython-10, postgresql-server-dev-10, postgresql-doc-12, postgresql-client-13, postgresql-10, postgresql-12, libpgtypes3, postgresql-plperl-13, libecpg-dev, postgresql-plperl-12, postgresql-client-12, postgresql-client-10, postgresql-server-dev-12, postgresql-doc-13, postgresql-server-dev-13, postgresql-pltcl-13, postgresql-pltcl-10, libecpg-compat3